It is estimated an Australian business was targeted by a cyber attack every 11 seconds in 2021. As cyber security threats grow, companies are learning more about the technology and processes that can protect their people and information, but contact centres face some unique challenges.

For contact centres, one of the biggest cyber security threats is identity theft and account hijacking. Contact centre agents at financial institutions and superannuation providers have joined government agencies as some of the most frequent targets for illegal access to personal data and the takeover of accounts.

In Neustar TRUSTID's 2021 survey, 64% said they were concerned about fraud originating in their contact centres and 40% of financial services companies saw an increase in contact centre fraud compared to previous years.

Advances in technology have allowed fraudsters to gain access to personal information that allow them to target contact centre authentication processes to access accounts. But technology is also providing more ways for us to prevent fraud.

Fraudsters are getting smarter - and closer

In recent years, criminals have become increasingly adept at circumventing traditional authentication processes. There are now a range of ways that they can, quite easily, access personal information used for authentication purposes, including:

  • socially engineering contact centre agents
  • using malware to steal credentials or passwords from devices
  • purchasing information on the dark web
  • performing SIM-swap attacks.

Not only are the ways to steal information diversifying, so are the perpetrators. There has been an increase of fraud being committed by people known to the victims, or people who are termed as "known actors". (For example, roughly 6 in 10 cases of elder financial abuse are committed by relatives.)

This brings into question how contact centres are authenticating customers, and whether these authentication processes are still an effective way of identifying someone.

How does fraud happen in contact centres?

We've all had to identify ourselves when calling contact centres for products and services we consume. Commonly we’re asked to confirm personal details (like our date of birth, address or name) or knowledge-based authentication (like account numbers or a mother’s maiden name) to gain access.

The question is though, how secure is this type of identification?

While traditionally it would only be those close to you that would know personal information, the rise of social media and other channels mean much of this information is now in the public domain. And that's even before malware or phishing attacks.

Contact centre authentication processes can be highly vulnerable to social engineering, when a scammer manipulates an agent into inadvertently sharing identifiers or even granting access to an account. Yet over 50% of contact centres are still using knowledge identifiers as their primary form of authentication.

The fallout of identity theft can have large impact on the organisation at the centre of it. Many financial institutions will wear the monetary expense of any fraud committed. But they also face a cost that is hard to quantify: the reputational damage of poor customer experience and a perceived lack of secure services.

Customers can churn and shift providers across the majority of consumer services with exceptional ease these days - the entire process can often be done within the hour. As fraud becomes easier to commit, organisations need to adapt their processes to ensure they protect their customers and their reputation.

Photo of Datacom's Dean Fox, Head of CX Technology

Tech-based authentication becoming more accessible

We are starting to see a positive shift in organisational approach to tightening authentication measures. Preference for agent-led authentication fell 57% in 2021 and there has been a rise in use of Multi-Factor Authentication, with more organisations using SMS codes and passphrases as secondary identifiers. A Google study has shown that SMS based authentication can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.

Multifactor authentication promotes accuracy by employing any factor necessary to detect an imposter, including:

  • Something you know (like a PIN or password)
  • Something you have (like a smartphone or dongle)
  • Something you are (voice, face, fingerprint, or behavioural biometrics).

Biometrics is a technology that has emerged over the last several years that uses unique identifiers like voice recognition to identify callers. Traditionally, biometrics solutions were only deployed by Tier 1 financial organisations and government departments. However, recent developments and a more competitive supplier market have brought down costs and made it a much more accessible option.

Biometrics specialists Nuance recently published a case study on the NatWest Group, who deployed Nuance Gatekeeper to screen every incoming call and compare voice characteristics (including pitch, cadence, and accent) to a library of fraudster voiceprints. The system identifies known fraudsters in real-time, alerting the call centre agent and the fraud team if there is a match. It also enrolled legitimate customers to rapidly authenticate them based on the sound of their voice during their first few seconds of natural conservation with an agent.

In monitoring 17 million inbound calls, 23,000 have led to alerts, and the bank has found that one in every 3,500 calls is a fraud attempt. Stopping fraudsters in their tracks is already paying off financially - one prolific fraudster identified was connected to suspect logins on 1,500 bank accounts.

This approach to authentication not only strengthens security but provides a streamlined process and experience for agents and customers alike. The responsibility of authentication is lifted from agents, and customers are no longer required to remember complex passwords or security question answers.

Contact centres remain an important feature for customer and organisations, and those who rise to the cyber security challenge are likely to see a number of benefits. It will be interesting to continue to monitor the impact of fraud on contact centres and the shift that organisations make in response. Studies show many organisations are aware of the challenge and are prepared to undergo change.

Related industries
Technology Financial services Healthcare Professional services
Related solutions
Contact centres Security